1. Technical Field
The present disclosure relates to program binaries and more specifically to annotation-driven integrity verification of program binaries.
2. Introduction
Software developers implement various protection schemes in an effort to prevent attackers, also known as software crackers, from modifying program binaries. These protection schemes traditionally have included copy protection, trial/demo versions, serial number checks, hardware keys, date checks, etc. The goal of the attacker is to remove or bypass the protection scheme. Typically, the attacker modifies the binary to prevent a specific call to the protection scheme. The attacker accomplishes this by debugging or tracing the binary until the protection scheme is called, at which point the attacker can modify the binary either by replacing the call to the protection scheme or by causing the binary to skip over the call.
For example, in a binary that has a trial period of 14 days, the binary will check to see if the trial period has expired, and if so, terminate itself. The attacker will reverse engineer the binary using the debugger, and upon finding the call to the protection scheme, will “patch” the binary and either prevent the call to the protection scheme, or modify the binary such that the protection scheme check does not fail.
Once the protection scheme of the binary has been successfully broken, the binary is typically distributed freely across the Internet in peer-to-peer networks, or reproduced and sold illegally. In both situations, the software developer is not compensated for his or her efforts in developing the program binary. Cracking is also detrimental to software developers because “cracked” software is often buggy and prone to crashing, which causes users to form bad opinions of the software. The “cracked” software may also be accompanied by malware. Current protection schemes have not been successful in preventing attackers from modifying program binaries.